Hyatt Hotels Corp. on Thursday announced it discovered unauthorized access to guests’ payment information at 41 properties around the world.
The company said a third party inserted malware onto hotel IT systems and may have captured payment information of guests who paid between March 18 and July 2. The breach affected seven U.S. properties in Hawaii, Puerto Rico and Guam, but China was hit hardest with 18 locations.
“I want to assure you that there is no indication that information beyond that gained from payment cards—cardholder name, card number, expiration date and internal verification code—was involved, and as a result of implemented measures designed to prevent this from happening in the future, guests can feel confident using payment cards at Hyatt hotels worldwide,” Global President of Operations Chuck Floyd said in a statement,
Though the company said it estimates only a small percentage of payments cards used may be affected, it can’t identify each one so it encourages customers to review their statements for possible fraudulent activity.
In 2015, the company acknowledged a breach of its payment systems that impacted 250 hotels in 50 countries, according to Reuters.